Booting is the process of loading system software into the main memory of a computer. Booting may be triggered by powering on the computer or by a soft restart that does not require power cycling of the computer. The process begins with execution of the boot firmware, which performs a power-on self-test (POST) and then loads and executes the boot loader. In legacy systems, such as those implementing the BIOS (Basic Input/Output System) standard, the firmware executes whatever boot loader it finds in the boot sector without any verification that it can be trusted, so anyone able to write to the boot disk can substitute arbitrary code that runs before the operating system. Other systems implement the UEFI (Unified Extensible Firmware Interface) standard, which was developed to replace the BIOS standard. In systems implementing the UEFI standard, “secure” booting may be enabled.
With secure booting enabled, the UEFI firmware verifies the digital signature of the boot loader before executing it: the signature must have been produced by a key whose certificate is present in the firmware's authorized signature database (db) and not listed in its forbidden signature database (dbx), and the signature must match the image actually loaded. An unsigned boot loader, a boot loader whose contents were altered after signing, or one signed with a revoked key is refused. Some Linux®-based systems extend signature verification to the next stage of booting, i.e., the verified boot loader in turn verifies the Linux® kernel before loading it, so that the chain of trust is not broken at the hand-off. Likewise, some Windows®-based systems employ signature verification for their boot loader and also for the Windows® kernel.
In virtualization platforms, such as computers installed with virtualization software, the virtualization software, also referred to as a hypervisor, is loaded into the main memory of the computer during the booting process. Some virtualization platforms implement the secure booting process enabled by the UEFI standard so as to provide customers of the virtualization platforms assurance that the hypervisor that was loaded is the vendor's signed, unmodified code and can be trusted to that extent. With secure booting enabled in such systems, the integrity and authenticity of the boot loader and the hypervisor kernel are confirmed through signature verification before each is executed. Signature verification establishes that the code has not been altered since it was signed and that it was signed by an authorized key; it does not, by itself, establish that the signed code is free of vulnerabilities, and the assurance rests on the firmware, which acts as the root of trust, and its key databases not having been compromised.
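The chain of checks described above, in an added worked example that is not part of this document nor of any firmware or hypervisor vendor's code: a Go model of a UEFI-style boot with an authorized key set (db), a forbidden key set (dbx), a boot loader verified by the firmware, and a kernel verified by the boot loader using the key set it carries. The Image, KeyID, Boot and RunScenarios names, the keys and the image contents are all constructed for illustration; a real UEFI image carries an Authenticode signature and db/dbx hold certificates or hashes, which this model reduces to a digest of the signer's public key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Image is a simplified boot-stage binary: code, a detached ECDSA signature over
// SHA-256(code), and the signer's public key (constructed model, not real PE layout).
type Image struct {
	Code   []byte
	PubKey *ecdsa.PublicKey // nil when the image is unsigned
	Sig    []byte
}

// KeyID identifies a key by the SHA-256 of its DER-encoded public key.
type KeyID [32]byte

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func keyID(pub *ecdsa.PublicKey) KeyID {
	return sha256.Sum256(must(x509.MarshalPKIXPublicKey(pub)))
}

// verifyImage is the check applied at each stage: signed, key not revoked, key
// trusted, and signature valid over the bytes that are actually about to run.
func verifyImage(img Image, trusted, revoked map[KeyID]bool) error {
	if img.PubKey == nil || len(img.Sig) == 0 {
		return fmt.Errorf("image is not signed")
	}
	id := keyID(img.PubKey)
	if revoked[id] {
		return fmt.Errorf("signing key is revoked (dbx)")
	}
	if !trusted[id] {
		return fmt.Errorf("signing key is not authorised (db)")
	}
	if d := sha256.Sum256(img.Code); !ecdsa.VerifyASN1(img.PubKey, d[:], img.Sig) {
		return fmt.Errorf("signature does not match image contents")
	}
	return nil
}

// Boot runs the chain firmware -> boot loader -> kernel. With secureBoot false it
// behaves like legacy BIOS: whatever is on disk runs. loaderTrust is the key set
// the verified boot loader carries to check the kernel (cf. shim's vendor cert).
func Boot(secureBoot bool, db, dbx, loaderTrust map[KeyID]bool, loader, kernel Image) error {
	if !secureBoot {
		return nil
	}
	if err := verifyImage(loader, db, dbx); err != nil {
		return fmt.Errorf("firmware refused boot loader: %w", err)
	}
	if err := verifyImage(kernel, loaderTrust, dbx); err != nil {
		return fmt.Errorf("boot loader refused kernel: %w", err)
	}
	return nil
}

func signImage(code []byte, priv *ecdsa.PrivateKey) Image {
	d := sha256.Sum256(code)
	return Image{Code: code, PubKey: &priv.PublicKey, Sig: must(ecdsa.SignASN1(rand.Reader, priv, d[:]))}
}

// RunScenarios boots constructed images under constructed keys; nil means the kernel ran.
func RunScenarios() map[string]error {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	vendorKey, revokedKey, rogueKey := newKey(), newKey(), newKey()
	loaderCode, kernelCode := []byte("constructed boot loader code"), []byte("constructed kernel code")
	db := map[KeyID]bool{keyID(&vendorKey.PublicKey): true, keyID(&revokedKey.PublicKey): true}
	dbx := map[KeyID]bool{keyID(&revokedKey.PublicKey): true} // enrolled in db, later revoked
	loaderTrust := map[KeyID]bool{keyID(&vendorKey.PublicKey): true}
	goodLoader, goodKernel := signImage(loaderCode, vendorKey), signImage(kernelCode, vendorKey)
	// Same signature and key as goodLoader, but the code changed after signing.
	tampered := Image{Code: append([]byte("backdoor+"), loaderCode...), PubKey: goodLoader.PubKey, Sig: goodLoader.Sig}
	unsigned := Image{Code: loaderCode}
	return map[string]error{
		"legacy, unsigned loader":              Boot(false, nil, nil, nil, unsigned, goodKernel),
		"secure, vendor-signed chain":          Boot(true, db, dbx, loaderTrust, goodLoader, goodKernel),
		"secure, unsigned loader":              Boot(true, db, dbx, loaderTrust, unsigned, goodKernel),
		"secure, tampered loader":              Boot(true, db, dbx, loaderTrust, tampered, goodKernel),
		"secure, loader signed by revoked key": Boot(true, db, dbx, loaderTrust, signImage(loaderCode, revokedKey), goodKernel),
		"secure, kernel signed by rogue key":   Boot(true, db, dbx, loaderTrust, goodLoader, signImage(kernelCode, rogueKey)),
	}
}

func main() {
	for name, err := range RunScenarios() {
		fmt.Printf("%-38s -> %v\n", name, err)
	}
}
```

Running the program shows the legacy case executing an unsigned loader while the secure cases refuse unsigned, tampered, revoked and untrusted images. The kernel check uses the boot loader's own trusted key set rather than the firmware's db, which is what extending verification to the next stage amounts to, and nothing in the model inspects what the signed code does: only who signed it and whether it changed since.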